{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,4,21]],"date-time":"2026-04-21T04:49:27Z","timestamp":1776746967549,"version":"3.51.2"},"reference-count":91,"publisher":"Informa UK Limited","issue":"3","funder":[{"DOI":"10.13039\/501100003093","name":"Ministry of Higher Education, Malaysia","doi-asserted-by":"publisher","id":[{"id":"10.13039\/501100003093","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":["www.tandfonline.com"],"crossmark-restriction":true},"short-container-title":["Information Security Journal: A Global Perspective"],"published-print":{"date-parts":[[2026,5,4]]},"DOI":"10.1080\/19393555.2026.2616290","type":"journal-article","created":{"date-parts":[[2026,1,16]],"date-time":"2026-01-16T10:08:34Z","timestamp":1768558114000},"page":"449-477","update-policy":"https:\/\/doi.org\/10.1080\/tandf_crossmark_01","source":"Crossref","is-referenced-by-count":0,"title":["A preliminary study on Information Security management maturity in MalaysianIT firms"],"prefix":"10.1080","volume":"35","author":[{"given":"Qamarul Nazrin","family":"Harun","sequence":"first","affiliation":[{"name":"Universiti Teknologi MARA","place":["Johor Campus, Malaysia"]}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Muhamad Khairulnizam","family":"Zaini","sequence":"additional","affiliation":[{"name":"Universiti Teknologi MARA","place":["Shah Alam Campus, Malaysia"]}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Siti Zaleha","family":"Abd Goni","sequence":"additional","affiliation":[{"name":"Universiti Teknologi MARA","place":["Shah Alam Campus, Malaysia"]}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Norhayati","family":"Hussin","sequence":"additional","affiliation":[{"name":"Universiti Teknologi MARA","place":["Shah Alam Campus, Malaysia"]}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"301","published-online":{"date-parts":[[2026,1,16]]},"reference":[{"key":"e_1_3_3_2_1","doi-asserted-by":"publisher","DOI":"10.1109\/ICEEE55327.2022.9772546"},{"key":"e_1_3_3_3_1","doi-asserted-by":"publisher","DOI":"10.18517\/ijaseit.14.5.20234"},{"key":"e_1_3_3_4_1","doi-asserted-by":"publisher","DOI":"10.5220\/0012487600003648"},{"key":"e_1_3_3_5_1","doi-asserted-by":"publisher","DOI":"10.57152\/malcom.v4i2.1245"},{"key":"e_1_3_3_6_1","unstructured":"AlKalbani A. Deng H. & Kam B. (2016). Investigating the role of socio-organisational factors in the information security compliance in organisations."},{"key":"e_1_3_3_7_1","doi-asserted-by":"publisher","DOI":"10.21203\/rs.3.rs-196216\/v1"},{"key":"e_1_3_3_8_1","doi-asserted-by":"publisher","DOI":"10.1109\/ICAIIC57133.2023.10067127"},{"key":"e_1_3_3_9_1","doi-asserted-by":"publisher","DOI":"10.3390\/info12100398"},{"key":"e_1_3_3_10_1","volume-title":"Remote working fuels crime in stolen data","author":"Analytica O.","year":"2022","unstructured":"Analytica, O. (2022). Remote working fuels crime in stolen data. Oxan-Db. Emerald Expert Briefings."},{"key":"e_1_3_3_11_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-030-80129-8_55"},{"key":"e_1_3_3_12_1","doi-asserted-by":"publisher","DOI":"10.3390\/jcp2020015"},{"key":"e_1_3_3_13_1","doi-asserted-by":"publisher","DOI":"10.1111\/puar.13493"},{"key":"e_1_3_3_14_1","unstructured":"Australian Cyber Security Centre. (2023). Essential eight maturity model. Australian government. https:\/\/www.cyber.gov.au\/resources-business-and-government\/essential-cybersecurity\/essential-eight\/essential-eight-maturity-model"},{"key":"e_1_3_3_15_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2006.10.007"},{"key":"e_1_3_3_16_1","doi-asserted-by":"publisher","DOI":"10.1007\/s10796-012-9373-x"},{"key":"e_1_3_3_17_1","doi-asserted-by":"publisher","DOI":"10.3390\/electronics14071364"},{"key":"e_1_3_3_18_1","doi-asserted-by":"publisher","DOI":"10.1191\/1478088706qp063oa"},{"key":"e_1_3_3_19_1","doi-asserted-by":"publisher","DOI":"10.3390\/systems13010052"},{"key":"e_1_3_3_20_1","doi-asserted-by":"publisher","DOI":"10.1080\/15228053.2022.2148979"},{"key":"e_1_3_3_21_1","doi-asserted-by":"publisher","DOI":"10.1145\/3547132"},{"key":"e_1_3_3_22_1","volume-title":"CMMI for development, version 1.3 (CMU\/SEI-2010-TR-033)","author":"CMMI Product Team","year":"2010","unstructured":"CMMI Product Team. (2010). CMMI for development, version 1.3 (CMU\/SEI-2010-TR-033). Software Engineering Institute, Carnegie Mellon University."},{"key":"e_1_3_3_23_1","doi-asserted-by":"publisher","DOI":"10.1108\/ICS-03-2017-0013"},{"key":"e_1_3_3_24_1","volume-title":"Qualitative inquiry and research design: Choosing among five approaches","author":"Creswell J. W.","year":"2016","unstructured":"Creswell, J. W., & Poth, C. N. (2016). Qualitative inquiry and research design: Choosing among five approaches. SAGE Publications."},{"key":"e_1_3_3_25_1","volume-title":"Cybersecurity code of practice for critical information infrastructure","author":"Cyber Security Agency of Singapore","year":"2022","unstructured":"Cyber Security Agency of Singapore. (2022). Cybersecurity code of practice for critical information infrastructure. Government of Singapore. https:\/\/www.csa.gov.sg\/legislation\/codes\u2011of\u2011practice\/ [PDF]."},{"key":"e_1_3_3_26_1","volume-title":"Singapore cyber landscape 2022","author":"Cyber Security Agency of Singapore","year":"2023","unstructured":"Cyber Security Agency of Singapore. (2023). Singapore cyber landscape 2022."},{"key":"e_1_3_3_27_1","doi-asserted-by":"publisher","DOI":"10.48550\/arXiv.2405.16215"},{"key":"e_1_3_3_28_1","first-page":"94","volume-title":"ACIS 2023 Proceedings","author":"Dev M.","year":"2023","unstructured":"Dev, M., & Saha, D. (2023). Female participation in workforce as an antecedent of cybersecurity maturity and wellbeing of nations. ACIS 2023 Proceedings (pp. 94). Association for Information Systems. https:\/\/aisel.aisnet.org\/acis2023\/94"},{"key":"e_1_3_3_29_1","doi-asserted-by":"publisher","DOI":"10.6007\/IJARBSS\/v12-i5\/12924"},{"key":"e_1_3_3_30_1","unstructured":"European Union Agency for Cybersecurity. (2023). Threat landscape report 2023. ENISA."},{"key":"e_1_3_3_31_1","doi-asserted-by":"publisher","DOI":"10.1080\/00051144.2017.1407022"},{"key":"e_1_3_3_32_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-031-51643-6_16"},{"key":"e_1_3_3_33_1","doi-asserted-by":"publisher","DOI":"10.1109\/JSYST.2019.2913141"},{"key":"e_1_3_3_34_1","article-title":"A risk first approach to setting an information security budget","volume":"5","author":"Grosser P.","year":"2023","unstructured":"Grosser, P., & Burch, G. F. (2023). A risk first approach to setting an information security budget. ISACA Journal, 5.","journal-title":"ISACA Journal"},{"key":"e_1_3_3_35_1","doi-asserted-by":"publisher","DOI":"10.48550\/arXiv.2410.02259"},{"key":"e_1_3_3_36_1","doi-asserted-by":"publisher","DOI":"10.1109\/MECON62796.2024.10776357"},{"key":"e_1_3_3_37_1","doi-asserted-by":"publisher","DOI":"10.1080\/10580530903455247"},{"key":"e_1_3_3_38_1","doi-asserted-by":"publisher","DOI":"10.1109\/MSP.2005.120"},{"key":"e_1_3_3_39_1","doi-asserted-by":"publisher","DOI":"10.1016\/S0167-4048(02)00504-7"},{"key":"e_1_3_3_40_1","doi-asserted-by":"publisher","DOI":"10.23919\/FRUCT61870.2024.10516387"},{"key":"e_1_3_3_41_1","doi-asserted-by":"publisher","DOI":"10.30574\/wjarr.2024.22.3.1728"},{"key":"e_1_3_3_42_1","volume-title":"COBIT\u00ae 2019 framework: Design guide","author":"ISACA","year":"2019","unstructured":"ISACA. (2019). COBIT\u00ae 2019 framework: Design guide. ISACA."},{"key":"e_1_3_3_43_1","unstructured":"ISM3 Consortium. (2007). Information security management maturity model (ISM3) version 2.10. ISM3 consortium. http:\/\/www.ism3.com"},{"key":"e_1_3_3_44_1","unstructured":"ISMS.online. (2024). ISO 27001 compliance by country: Jurisdiction guide. https:\/\/www.isms.online\/iso-27001\/country\/"},{"key":"e_1_3_3_45_1","doi-asserted-by":"publisher","DOI":"10.1108\/ITP-08-2019-0438"},{"key":"e_1_3_3_46_1","doi-asserted-by":"publisher","DOI":"10.1504\/IJESB.2025.143823"},{"key":"e_1_3_3_47_1","doi-asserted-by":"publisher","DOI":"10.1108\/ITP-11-2021-0849"},{"key":"e_1_3_3_48_1","doi-asserted-by":"publisher","DOI":"10.1007\/s42979-022-01108-x"},{"key":"e_1_3_3_49_1","doi-asserted-by":"publisher","DOI":"10.33168\/JSMS.2023.0534"},{"key":"e_1_3_3_50_1","doi-asserted-by":"publisher","DOI":"10.1002\/isd2.12350"},{"key":"e_1_3_3_51_1","doi-asserted-by":"publisher","DOI":"10.14569\/IJACSA.2024.0150878"},{"key":"e_1_3_3_52_1","doi-asserted-by":"publisher","DOI":"10.1109\/ICITCOM62788.2024.10762542"},{"key":"e_1_3_3_53_1","doi-asserted-by":"publisher","DOI":"10.1109\/ACCESS.2022.3229766"},{"key":"e_1_3_3_54_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-030-79454-5_2"},{"key":"e_1_3_3_55_1","doi-asserted-by":"publisher","DOI":"10.1057\/s41284-023-00381-6"},{"key":"e_1_3_3_56_1","volume-title":"Qualitative research design: An interactive approach","author":"Maxwell J. A.","year":"2012","unstructured":"Maxwell, J. A. (2012). Qualitative research design: An interactive approach. SAGE Publications."},{"key":"e_1_3_3_57_1","doi-asserted-by":"publisher","DOI":"10.4018\/978-1-4666-7409-7.ch007"},{"key":"e_1_3_3_58_1","volume-title":"Cybersecurity management guidelines for Japanese enterprise executives (version 3.0)","author":"Ministry of Economy, Trade and Industry; Information-technology Promotion Agency, Japan","year":"2021","unstructured":"Ministry of Economy, Trade and Industry; Information-technology Promotion Agency, Japan. (2021). Cybersecurity management guidelines for Japanese enterprise executives (version 3.0). METI & IPA."},{"key":"e_1_3_3_59_1","doi-asserted-by":"publisher","DOI":"10.4018\/978-1-5225-0741-3.ch005"},{"key":"e_1_3_3_60_1","volume-title":"Cyber999 statistics - Q4 2024","author":"MyCERT","year":"2025","unstructured":"MyCERT. (2025). Cyber999 statistics - Q4 2024. CyberSecurity Malaysia. https:\/\/www.mycert.org.my\/portal\/advisory?id=SR-029.022025"},{"key":"e_1_3_3_61_1","doi-asserted-by":"publisher","DOI":"10.1108\/APJBA-08-2013-0088"},{"key":"e_1_3_3_62_1","doi-asserted-by":"publisher","DOI":"10.1109\/ICOSST57195.2022.10016853"},{"key":"e_1_3_3_63_1","doi-asserted-by":"publisher","DOI":"10.5815\/ijitcs.2018.04.02"},{"key":"e_1_3_3_64_1","doi-asserted-by":"publisher","DOI":"10.1080\/0960085X.2024.2359460"},{"key":"e_1_3_3_65_1","doi-asserted-by":"publisher","DOI":"10.5281\/zenodo.14639415"},{"key":"e_1_3_3_66_1","doi-asserted-by":"publisher","DOI":"10.1145\/362280.362284"},{"key":"e_1_3_3_67_1","volume-title":"New perspectives on measuring cybersecurity","author":"Organisation for Economic Co-operation and Development","year":"2024","unstructured":"Organisation for Economic Co-operation and Development. (2024). New perspectives on measuring cybersecurity. OECD Publishing."},{"key":"e_1_3_3_68_1","doi-asserted-by":"publisher","DOI":"10.1080\/08874417.2022.2119442"},{"key":"e_1_3_3_69_1","doi-asserted-by":"publisher","DOI":"10.1177\/1555343415575152"},{"key":"e_1_3_3_70_1","unstructured":"Quotient Security. (2025). Understanding Malaysia\u2019s cyber threat landscape: A 2025 outlook. https:\/\/securityquotient.io\/understanding-malaysias-cyber-threat-landscape-a-2025-outlook"},{"key":"e_1_3_3_71_1","doi-asserted-by":"publisher","DOI":"10.1186\/s42400-020-00052-8"},{"key":"e_1_3_3_72_1","doi-asserted-by":"publisher","DOI":"10.21609\/jsi.v18i2.1146"},{"key":"e_1_3_3_73_1","doi-asserted-by":"publisher","DOI":"10.1063\/5.0115555"},{"key":"e_1_3_3_74_1","doi-asserted-by":"publisher","DOI":"10.5296\/ber.v12i4.20507"},{"key":"e_1_3_3_75_1","volume-title":"Qualitative interviewing: The art of hearing data","author":"Rubin H.","year":"2011","unstructured":"Rubin, H., & Rubin, I. (2011). Qualitative interviewing: The art of hearing data. Sage."},{"issue":"2","key":"e_1_3_3_76_1","first-page":"77","article-title":"The role of risk management in cybersecurity protocols","volume":"7","author":"Sabidi M. L.","year":"2024","unstructured":"Sabidi, M. L., & Zolkipli, M. F. (2024). The role of risk management in cybersecurity protocols. Borneo International Journal, 7(2), 77\u201381.","journal-title":"Borneo International Journal"},{"key":"e_1_3_3_77_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2015.10.006"},{"issue":"2","key":"e_1_3_3_78_1","first-page":"156","article-title":"Cybersecurity maturity framework for international airports in Malaysia: A systematic literature review","volume":"2","author":"Samuri S.","year":"2023","unstructured":"Samuri, S., Abdul Khir, M. F., Mohd Amin, Z., & Mohammad, M. F. N. (2023). Cybersecurity maturity framework for international airports in Malaysia: A systematic literature review. Journal of Information and Knowledge Management (JIKM), 2 (2), 156\u2013167.","journal-title":"Journal of Information and Knowledge Management (JIKM)"},{"key":"e_1_3_3_79_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2021.102306"},{"key":"e_1_3_3_80_1","doi-asserted-by":"publisher","DOI":"10.11591\/ijeecs.v21.i3.pp1820-1829"},{"key":"e_1_3_3_81_1","doi-asserted-by":"publisher","DOI":"10.11610\/Connections.19.4.01"},{"key":"e_1_3_3_82_1","doi-asserted-by":"publisher","DOI":"10.1109\/ARES.2015.25"},{"key":"e_1_3_3_83_1","doi-asserted-by":"publisher","DOI":"10.25134\/ilkom.v18i2.205"},{"key":"e_1_3_3_84_1","doi-asserted-by":"publisher","DOI":"10.6028\/NIST.SP.800-46r2"},{"key":"e_1_3_3_85_1","doi-asserted-by":"publisher","DOI":"10.1108\/03068299910229569"},{"key":"e_1_3_3_86_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2019.101709"},{"key":"e_1_3_3_87_1","doi-asserted-by":"publisher","DOI":"10.4018\/978-1-5225-9078-1.ch005"},{"key":"e_1_3_3_88_1","doi-asserted-by":"publisher","DOI":"10.1109\/ICCOINS.2018.8510569"},{"key":"e_1_3_3_89_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-981-16-7099-2_6"},{"key":"e_1_3_3_90_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-57959-7_1"},{"key":"e_1_3_3_91_1","doi-asserted-by":"publisher","DOI":"10.2174\/97898153055481250101"},{"key":"e_1_3_3_92_1","doi-asserted-by":"publisher","DOI":"10.1108\/JIC-05-2019-0128"}],"container-title":["Information Security Journal: A Global Perspective"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/www.tandfonline.com\/doi\/pdf\/10.1080\/19393555.2026.2616290","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2026,4,21]],"date-time":"2026-04-21T04:33:52Z","timestamp":1776746032000},"score":1,"resource":{"primary":{"URL":"https:\/\/www.tandfonline.com\/doi\/full\/10.1080\/19393555.2026.2616290"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2026,1,16]]},"references-count":91,"journal-issue":{"issue":"3","published-print":{"date-parts":[[2026,5,4]]}},"alternative-id":["10.1080\/19393555.2026.2616290"],"URL":"https:\/\/doi.org\/10.1080\/19393555.2026.2616290","relation":{},"ISSN":["1939-3555","1939-3547"],"issn-type":[{"value":"1939-3555","type":"print"},{"value":"1939-3547","type":"electronic"}],"subject":[],"published":{"date-parts":[[2026,1,16]]},"assertion":[{"value":"The publishing and review policy for this title is described in its Aims & Scope.","order":1,"name":"peerreview_statement","label":"Peer Review Statement"},{"value":"http:\/\/www.tandfonline.com\/action\/journalInformation?show=aimsScope&journalCode=uiss20","URL":"http:\/\/www.tandfonline.com\/action\/journalInformation?show=aimsScope&journalCode=uiss20","order":2,"name":"aims_and_scope_url","label":"Aim & Scope"},{"value":"2026-01-16","order":3,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}